Lock table is out of available lock entries
by Kees Bakker
Hi,
When my dirsrv was trying to compact the databases I was getting this error
[07/Aug/2021:23:59:02.715984489 +0200] - NOTICE - bdb_compact - Compacting databases ...
[07/Aug/2021:23:59:02.765932397 +0200] - NOTICE - bdb_compact - Compacting DB start: userRoot
[07/Aug/2021:23:59:03.518175414 +0200] - NOTICE - bdb_compact - compactdb: compact userRoot - 417 pages freed
[07/Aug/2021:23:59:03.576427786 +0200] - NOTICE - bdb_compact - Compacting DB start: ipaca
[07/Aug/2021:23:59:03.659941533 +0200] - NOTICE - bdb_compact - compactdb: compact ipaca - 419 pages freed
[07/Aug/2021:23:59:03.718445310 +0200] - NOTICE - bdb_compact - Compacting DB start: changelog
[08/Aug/2021:00:00:40.807571334 +0200] - NOTICE - NSMMReplicationPlugin - changelog program - cl5CompactDBs - compacting replication changelogs...
[08/Aug/2021:00:00:54.309357211 +0200] - ERR - libdb - BDB2055 Lock table is out of available lock entries
[08/Aug/2021:00:00:54.726504736 +0200] - ERR - bdb_compact - compactdb: failed to compact changelog; db error - 12 Cannot allocate memory
[08/Aug/2021:00:00:54.801571421 +0200] - ERR - libdb - BDB2055 Lock table is out of available lock entries
[08/Aug/2021:00:00:54.876618702 +0200] - ERR - NSMMReplicationPlugin - changelog program - cl5CompactDBs - Failed to compact a797bb0b-be1d11eb-88c0b677-613aa2ad; db error - 12 Cannot allocate memory
[08/Aug/2021:00:00:57.253006449 +0200] - NOTICE - bdb_compact - Compacting databases finished.
There are about 402k entries in cn=changelog.
I have a few questions
1) is it normal to have so many entries in cn=changelog? On another replica I have almost 3M entries Isn't this cleaned up?
2) the number of locks is 50000 (there are two config items). Should I increase that number? If so, increase to what?
3) is there maybe something else going on, causing the exhaustion of the locks?
--
Kees Bakker
2 years, 6 months
syntax passwd policy trivial words restrictions issues
by Ghiurea, Isabella
Hi List,
We are testing a new passwd syntax policy in ldap we have only cfg password length to 8 char and according to this RH Doc bellow there are some exceptions( aka "trivial words" and uid, cn, givenName which can not be used ) when a user tries to update his passwd , for example if the new passwd contains more than 3 char from his uid the ldapasswd cmd will fail .
Exemple :
Uid=6712
For new Passwd :cheese671cheese >> will fail
But for passwd: cheese67cheese will work .
I need to understand if we need other passwd attributes to cfg or why this char min limitation and how to solve this issue?
Our uid can be from 4 char lenhgt to 14 char length.
Here is in ldap ldif:
nsslapd-pwpolicy-inherit-global: on
nsslapd-pwpolicy-local: off
passwordTrackUpdateTime: on
passwordCheckSyntax: on
passwordminlenghth: 8
passwordMinCategories: 1
And RH DS doc :
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
9.6.2.7. Password Syntax Checking
Password syntax checking enforces rules for password strings, so that any password has to meet or exceed certain criteria. All password syntax checking can be applied globally, per subtree, or per user. Password syntax checking is set in the passwordCheckSyntax attribute.
The default password syntax requires a minimum password length of eight characters and that no trivial words are used in the password. A trivial word is any value stored in the uid, cn, sn, givenName, ou, or mailattributes of the user's entry.
Thank you
Isabella
2 years, 6 months
ldapsearch filters
by Ghiurea, Isabella
Dear List,
What ldapsearch options/ filters I need to use to find all the multiple uid /cn's entries associated to one single email address in my DS with > 5k entries? ( I do not know the email address or uids values)
Thank you
2 years, 6 months